Bug 1654459 (CVE-2018-19475)
| Summary: | CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c (700153) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | bas, cbuissar, deekej, mosvald, twaugh, zdohnal |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | ghostscript 9.26 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-02-01 14:01:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1654460, 1660569, 1660570, 1660571 | ||
| Bug Blocks: | 1654472 | ||
|
Description
Laura Pardo
2018-11-28 20:37:38 UTC
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1654460] Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509 This vulnerability allows remote code execution when a user opens a specially-crafted PS or PDF file, or when a user uses the file explorer to browse a directory containing such a file (triggering thumbnail generation). CVE-2018-19475 was patched upstream on 12 November (http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e, http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315), and a new Ghostscript version containing the patch was released three weeks ago on 20 November (version 9.26: https://www.ghostscript.com/doc/9.26/News.htm). Debian/Ubuntu patched the vulnerability in November. As it stands, users of RedHat, Fedora, and CentOS are still vulnerable. I'm part of the team at Semmle; my colleague Man Yue Mo discovered the vulnerability. We take coordinated/responsible disclosure very seriously. With the patch committed to a public Git repository and a new release been made available three weeks ago, we consider the details of this vulnerability to be public knowledge. Please be aware that we will therefore imminently publish more information about the discovery of this vulnerability. We are aware of the code execution potential of this vulnerability, and the flaw is treated as Important. We are currently actively working on a solution to resolve the different recently discovered flaws without creating regressions. It is to be noted that starting from Red Hat Enterprise Linux 7.6, the thumbnailer is executed in a sandbox. Statement: Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:0229 https://access.redhat.com/errata/RHSA-2019:0229 External References: https://blog.semmle.com/ghostscript-CVE-2018-19475/ |